From b730747e3988721371861ff975062d017f651288 Mon Sep 17 00:00:00 2001 From: Leonardo Luz Almeida Date: Wed, 2 Aug 2023 11:19:22 -0400 Subject: [PATCH] chore: add more tests in proxy extension headers (#14842) Signed-off-by: Leonardo Luz Almeida --- .../extensions/proxy-extensions.md | 2 +- server/extension/extension_test.go | 25 ++++++++++++++----- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/docs/developer-guide/extensions/proxy-extensions.md b/docs/developer-guide/extensions/proxy-extensions.md index e75cc03beae2c..8074537170811 100644 --- a/docs/developer-guide/extensions/proxy-extensions.md +++ b/docs/developer-guide/extensions/proxy-extensions.md @@ -243,7 +243,7 @@ same headers are also sent to the backend service. The backend service must also validate if the validated headers are compatible with the rest of the incoming request. -### Outgoing Requets Headers +### Outgoing Requests Headers Requests sent to backend services will be decorated with additional headers. The outgoing request headers are documented below: diff --git a/server/extension/extension_test.go b/server/extension/extension_test.go index 51d281960013c..cb71f01a2148b 100644 --- a/server/extension/extension_test.go +++ b/server/extension/extension_test.go @@ -342,9 +342,11 @@ func TestExtensionsHandler(t *testing.T) { f.rbacMock.On("EnforceErr", mock.Anything, rbacpolicy.ResourceExtensions, rbacpolicy.ActionInvoke, mock.Anything).Return(extAccessError) } - secrets := make(map[string]string) - secrets["extension.auth.header"] = "Bearer some-bearer-token" withExtensionConfig := func(configYaml string, f *fixture) { + secrets := make(map[string]string) + secrets["extension.auth.header"] = "Bearer some-bearer-token" + secrets["extension.auth.header2"] = "Bearer another-bearer-token" + settings := &settings.ArgoCDSettings{ ExtensionConfig: configYaml, Secrets: secrets, @@ -363,6 +365,9 @@ func TestExtensionsHandler(t *testing.T) { startBackendTestSrv := func(response string) *httptest.Server { return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + for k, v := range r.Header { + w.Header().Add(k, strings.Join(v, ",")) + } fmt.Fprintln(w, response) })) @@ -482,6 +487,7 @@ func TestExtensionsHandler(t *testing.T) { require.NoError(t, err) actual := strings.TrimSuffix(string(body), "\n") assert.Equal(t, response1, actual) + assert.Equal(t, "Bearer some-bearer-token", resp1.Header.Get("Authorization")) require.NotNil(t, resp2) assert.Equal(t, http.StatusOK, resp2.StatusCode) @@ -489,6 +495,7 @@ func TestExtensionsHandler(t *testing.T) { require.NoError(t, err) actual = strings.TrimSuffix(string(body), "\n") assert.Equal(t, response2, actual) + assert.Equal(t, "Bearer another-bearer-token", resp2.Header.Get("Authorization")) }) t.Run("will return 401 if sub has no access to get application", func(t *testing.T) { // given @@ -667,9 +674,15 @@ extensions: backend: services: - url: %s + headers: + - name: Authorization + value: '$extension.auth.header' cluster: name: %s - url: %s + headers: + - name: Authorization + value: '$extension.auth.header2' cluster: server: %s ` @@ -731,8 +744,8 @@ extensions: backend: services: - url: https://httpbin.org - headers: - - value: '$some.secret.key' + headers: + - value: '$some.secret.key' ` } @@ -743,7 +756,7 @@ extensions: backend: services: - url: https://httpbin.org - headers: - - name: some-header-name + headers: + - name: some-header-name ` }